Data Protection — News

Comodo Hacker taunt halts GlobalSign’s SSL certificates

By Liam Tung | 08 September, 2011 07:09

The world’s fifth largest issuer of SSL (secure sockets layer) certificates, GlobalSign, has stopped issuing certificates following a claim that its systems were compromised.

Hackers flip characters to disguise malware

By Gregg Keizer | 08 September, 2011 06:40

Hackers are using a new trick to cloak malicious files by disguising their Windows file extensions to make them appear safe to download, a Czech security company warned today.

Senators push for changes in cybercrime law

By Grant Gross | 08 September, 2011 04:05

The main U.S. law targeting cybercrime may need to be changed because it has allowed law enforcement agencies to target people who simply violate websites' terms of service or their employers' computer use policies, two senators said Wednesday.

Wikileaks: Online infiltrators often take credit for terrorist attacks

By Gregg Keizer | 08 September, 2011 04:00

Analysts at an Israeli company that infiltrates online forums to identify terrorists often claim responsibility for attacks to bolster their credibility, according to a recently-leaked cable from the U.S. Department of State.

Weaknesses in Password Strength

By Charles Wale | 07 September, 2011 21:35

Password strength is always being discussed because it is difficult to balance password strength with usability. Typically, resetting passwords is the main reason to call the helpdesk, indicating that passwords are too complex and / or change too frequently. Can we make passwords less complex without compromising security?

Ten years after 9/11, cyberattacks pose national threat, committee says

By Jaikumar Vijayan | 07 September, 2011 20:08

Ten years after the terrorist attacks of Sept. 11, 2001, the nation faces a critical threat to its security from cyberattacks, a new report by a bipartisan think tank warns.

How Hacktivism Affects Us All

By Robert Vamosi | 07 September, 2011 20:01

In December 2010, a group of nearly 3000 activists under the name "Operation Payback" launched online attacks against PayPal, MasterCard, and Visa, briefly knocking the three financial services' sites offline and preventing consumers from accessing ATMs or online banking services. The activists retaliated against the three companies for severing ties with WikiLeaks, an online repository for whistleblower data that had recently included thousands of secret communications from the U.S. State Department and other world governmental agencies. Nine months later more than a dozen people--most between the ages of 19 and 24--were arrested in connection with these denial-of-service (DoS) attacks, even as new attacks were hitting corporate, military, and government sites worldwide.

Cybercrime Innovation Needs Strategic Responses

By Robert Layton | 07 September, 2011 20:16

Cybercrime today is run as a business, with ROI, user support, clear hierarchies and business plans. One aspect of this type of business is the high rate of innovation, leading to new technical advances in cybercrime proliferation.

DigiNotar certificates are pulled, but not on smartphones

By Robert McMillan | 07 September, 2011 18:17

Browser makers have generally been quick to react to the computer compromise at digital certificate issuer DigiNotar, but that hasn't been the case for all mobile phone makers.

Mac desktop security: The landscape is changing

By Kevin Fogarty | 07 September, 2011 09:54

Only about 20 percent of Americans think Macs are vulnerable to viruses, compared to more than half who describe PCs as "vulnerable" or "very vulnerable" to attack by viruses, according to Alex Stamos, a security analyst at iSec Partners.

Comodo hacker claims Dutch SSL attack

By Liam Tung | 07 September, 2011 06:52

The so-called Comodo Hacker has claimed credit for the breach of Dutch SSL (secure sockets layer) certificate authority DigiNotar, now known to be behind 531 forged certificates.

Sony plucks first CISO from US Dept of Homeland Security

By Liam Tung | 07 September, 2011 06:22

Sony has named US government cyber security czar Phillip Reitinger its first chief information security officer (CISO).

The newly filled post was one of Sony’s key responses to its first major customer data breach, in which 77 million customers' personal details were compromised.

Microsoft flips 'kill switch' on all DigiNotar certificates

By Gregg Keizer | 07 September, 2011 05:12

Microsoft today updated Windows to permanently block all digital certificates issued by a Dutch company that was hacked months ago.

Don't Overload Your PC with Security Software

By Rick Broida | 07 September, 2011 04:27

Reader Steve uses a program called Vipre Premium to keep his PC secure. The suite offers anti-virus, anti-malware, anti-spyware, a firewall, e-mail protection--basically, the works.

But Steve also runs Malwarebytes Anti-Malware. And Microsoft Security Essentials (though with real-time protection turned off). Steve's question: should he turn on MSE's real-time protection and "run it concurrently with Vipre?"

Short answer: no. Definitely not. In fact, I'd say Steve is running too much security software as it is. And that's a common mistake.

For starters, the Vipre suite is more than sufficient. I can see keeping Malwarebytes Anti-Malware on hand just in case some infection sneaks through, but if you're using the Pro version--which, unlike its freebie sibling, offers real-time scanning--then it's competing with Vipre. In fact, when you overlap security products like that, they can seriously impact system performance and even falsely recognize each other as being a threat.

My advice: keep your security tools to a bare minimum. In fact, if you're running Windows 7 (which Steve is), you're already adequately equipped to handle the majority of security threats. Windows 7 offers a solid firewall, and its built-in Windows Defender should block most spyware and pop-ups.

Meanwhile, Internet Explorer 9 provides robust protection against phishing, malware, and other browser-related threats. (In fact, some tests have shown it to be the safest browser, period.) Cap that off with Microsoft Security Essentials and browser plug-in Web of Trust, and you've got yourself a nearly bulletproof PC. (I speak from experience: that's my exact configuration, and I haven't had an infection of any kind, well, ever.)

Bottom line: don't overdo the security software. Too much is not a good thing.

Contributing Editor Rick Broida writes about business and consumer technology. Ask for help with your PC hassles at, or try the treasure trove of helpful folks in the PC World Community Forums.

If you use it, mobile malware will come

By Kevin Fogarty | 07 September, 2011 05:38

IT people who try to secure mobile devices in a big company face three big conceptual problems.

Microsoft patches SSL security threat

By Loek Essers | 07 September, 2011 06:17

Microsoft is rolling out a worldwide patch that deems all DigiNotar SSL certificates to be untrustworthy except for OSes in the Netherlands, as requested by the Dutch government.

City University launches new UK cyber-security centre

By John E Dunn | 06 September, 2011 17:15

London's City University has gained funding for a new Centre for Cyber and Security Sciences, which will offer research and consultancy across a range of once-disparate but suddenly important areas of computer security.

Rogue Google certificate used by 300,000 Iranian IPs

By Stilgherrian | 06 September, 2011 11:02

Iranian internet users whose security may have been compromised by the forged digital certificate could number in the hundreds of thousands. An interim report (PDF) commissioned by DigiNotar, the certification authority (CA) at the centre of the hacking incident, also reveals lax security at the Dutch firm.

Microsoft: Stolen SSL certs can't be used to install malware via Windows Update

By Gregg Keizer | 06 September, 2011 07:36

Microsoft said Sunday that a digital certificate stolen from a Dutch company could not be used to force-feed customers malware through its Windows Update service.

Iranians faced mass man-in-the-middle on August 28

By Liam Tung | 06 September, 2011 06:38

On 28 August Iranian citizens were subjected to a far-reaching cyber snooping operation made possible by an attack on Dutch certificate authority DigiNotar.

Security Awareness Tip

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved poring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.